As computer infrastructures continue to grow in popularity and capability, an increasing number of resources are being provided in an on-line or computer environment. For example, it is common for organizations to provide a company or corporate network that employees access to perform their job functions and/or communicate with one another. Access to the network will typically occur through well known log-in techniques such as validation and authentication of a user/distinguished name and password. Similar techniques are practiced throughout the World Wide Web by website operators, network operators (e.g., America Online), etc.
Unfortunately, the convenience provided by such technology is often offset by security risks. For example, it has become increasingly common for malicious attackers to attempt to infiltrate a user's account. If such attempts are successful, any number of problems could arise. For example, the underlying network could be attacked, the user could be impersonated, etc. In addition, if and when the malicious attacker gains access, any information learned could be posted on any number of password trading Web sites. Many of these Web sites are very popular and may result in many other unauthorized individuals gaining access to protected systems.
Heretofore, many techniques have been suggested for controlling unauthorized access. Once such technique is disclosed in U.S. Patent Application Publication No. 20030101359 ('359), hereby incorporated by reference. In '359, a quantity of failed log-in attempts for a user are tracked. If the quantity of failed log-in attempts exceeds an allowable amount, the password for the user name being attempted is revoked. Specifically, under '359, when a failed log-in attempt is recognized, a message is sent to a strikeout server. The strikeout server will then determine the current quantity of failed log-in attempts and revoke the password if the current quantity exceeds the allowable amount. However, no existing system addresses the issues raised by a geographically distributed computer infrastructure that contains more than one strikeout server.
In view of the foregoing, there exists a need in the art to overcome the deficiencies indicated above.